Re: BUG: NULL pointer deref in tty port / uart

From: Alan Cox
Date: Tue May 17 2011 - 19:59:22 EST


> echo 1 > /dev/ttyS4 # which blocks
>
> And on another console:
>
> cat /dev/ttyS4 # which blocks
>
> Then Ctrl + C the echo in the first console. This produces the
> following trace:

First cat is in tty_port_block_til_ready, second cat joins it there. ^C
causes one to close, which wakes the second which goes around the loop
again, tries to raise the carrier and explodes, it seems because
someone trashed memory it is using.

Not quite sure why at this point.

On the first exit of the open path port->count is 1 which is as we want
it. Close takes it down to zero which triggers the port shutdown path
which is as we want. We clean up port->tty and shut down the port.
Seeing the second pending open we wake it, which is when it goes kaboom.

Nothing obvious strikes me from reading the code.